Tag Archives: IRM

The Institute of Risk Management (IRM) has signed a group affiliate scheme agreement with Nigeria’s Chartered Institute of Loan and Risk Management (CILRM).

The IRM is the leading global professional body for Enterprise Risk Management and currently has over 600 members across Africa, with active regional groups in Ghana, Kenya and South Africa. The organisation is currently in the process of setting up groups in Nigeria and Zimbabwe.

Legislation in the region dictates that all companies over a certain size must have qualified risk management professionals in place, highlighting the importance of risk management to the success of both organisations and the economy.

The scheme involves the CILRM purchasing 2,500 IRM group affiliate memberships which will then be allocated across the CILRM membership network. This means that the IRM’s counterparts can benefit from demonstrating their commitment to the risk management agenda by being part of a growing global network.

Other membership benefits include events, qualifications, networking and access to online materials.

Dr Ian Livsey, CEO of the IRM, said: “This is an exciting development for both the IRM and the CILRM when it comes to strengthening the risk management profession in Nigeria and for us to work more strategically going forwards.”

Livsey added: “The IRM already had a great footprint in Africa, but this news cements the importance of the developing Nigerian market. We’re keen to progress the risk management profession globally and determined to raise the importance of enterprise risk at Board level.”

Dr Sir Oladipupo A Bailey, president and chairman of the Governing Council of the CILRM, responded: “The signing of the Memorandum of Understanding with the IRM will not only strengthen the working relationship between the two bodies, but will also go a long way towards creating awareness of risk management’s importance for the Nigerian economy, both in the private and public sectors.”

He continued: “This is another milestone achievement for the CILRM and the IRM in terms of growing and developing the profession, especially in the areas of resource enhancement and capacity building.”

*The IRM has recently launched The Big Debate, a series of global events, interviews and a survey designed to find out more about the Risk Agenda 2025. See https://www.theirm.org/risk-agenda-2025.aspx for details.

Political instability caused by low oil prices, increased shareholder activism and the business threat posed by a potential UK exit from the EU are among the chief concerns voiced by some of the UK’s leading risk experts for 2015.

As 2014 draws to a close, members of the Institute of Risk Management (IRM) were asked to identify key risk areas for 2015. A broad range of oil and gas, political, healthcare, regulatory and insurance risks were highlighted as potential flashpoints.

Oil and Gas

“The lower oil price will raise a number of risks, including political and social disruption in oil producing countries which, if not successfully managed, will impact on the world,” asserted Mark Boult, Fellow of the IRM and director at risk management consultancy DNV GL.

Boult continued: “Given the greater financial pressure we will see on the sector next year, stakeholders need to maintain their focus on the integrity of assets. Not doing so will deliver poorer reliability and increase the risks of a major accident. Industry and Governments should work together to proactively manage down the commercial pressures and risks facing the industry from the oil price drop.”

A catastrophic major accident and physical asset integrity will remain a major industry focus for next year. “Such events are always – and always need to be – at the front of our minds given the impact they have on people, the environment and the business of the industry as a whole,” explained Boult.

Commentators from the IRM have mapped out key potential risks for 2015

Politics

An uncertain political environment in the UK is highlighted as a key risk area for next year by IRM members. “We need to watch closely how the dialogue between the UK and EU develops,” said José Morago, IRM chairman and group risk director at Aviva. “The potential risk of a UK exit from the EU could bring about even bigger strategic, operational and legal risk challenges to many international companies than those raised by Scottish independence.”

Morago added: “Next year, we have the UK General Election and possible presidential elections in Europe. With continuing fiscal deficits, cost of living pressures, low investment returns and low public trust in financial institutions, there’s a real risk of further – and bolder – political announcements as parties compete for public approval.”

Mark Butterworth, member of the IRM and managing director at risk management consultancy Condie Risk, believes the unpredictability of next year’s UK General Election is unique in his adult memory. Butterworth argues that a vote to leave the EU could provide the Scottish National Party with a boost, “possibly leading to the start of the ‘second’ wave for independence.”

Alternatively, an indecisive result in a May election which fails to resolve ‘the European question’ could lead to “upheaval, forcing a second General Election in late 2015, with all the attendant uncertainty that entails.”

Healthcare

The total number of Ebola deaths is predicted to peak in 2015 according to Patrick Keady FIRM, risk leadership consultant with the NHS. “This will be achieved by continuing with current levels of awareness, actions and plans and by Governments avoiding ineffective knee-jerk reactions. Lessons will be learned from Sierra Leone’s handling of the crisis where 21% of people infected died compared to 60% in Guinea and 42% in Liberia.”

Further 2015 predictions by Keady are as follows:
• “It will be the year more people will say ‘No’ to so-called ‘healthy food’, leading to reduced demand for healthcare in the long term. People can consume up to seven times the World Health Organisation’s daily recommended amount of sugar when their diet is limited to foods such as low fat yoghurts, muesli bars and sports drinks. The debate about processed versus natural food will escalate with the launch of ‘That Sugar Film’ next year.”
• “Drugs and alcohol will both start to be seen as healthcare issues. With 9% of all emergency hospital care being for people with a drug or alcohol problem, 36% of these are from the most disadvantaged neighbourhoods. An increased focus on the health implications of drugs and alcohol will start to benefit the population and, in turn, reduce drug and alcohol-related crime statistics.”

Regulation

According to IRM commentators, new regulation is going to pose risks for companies and company directors in 2015.

Taken together, the 2014 UK Corporate Governance Code and Financial Reporting Council’s Guidance on Risk Management will significantly upgrade the weaponry of shareholder activism in 2015. “Greater corporate governance and risk management education at Board level – including Company Secretaries – will be needed to mitigate against the risk posed by the new regulatory environment,” stated Mark Butterworth.

The Financial Conduct Authority’s drive for greater competence and capability means that Boards of Directors must be far more proactive about ensuring their capabilities match their needs. José Morago commented: “Boards need to identify governance gaps and plug them fast, whether that’s through acquiring new skills, qualifications or experience. What’s expected from Boards is going to be raised quite fast next year.”

Insurance

Reduced profitability for the UK insurance sector is an identifiable risk for 2015 according to Enrico Bertagna, IRM affiliate and senior vice-president of business development at Allied World Europe Insurance.

“If there’s no material change in claims trends or major catastrophes,” outlined Bertagna, “we’re looking at ongoing downward pressure on premium rates, reducing underwriting profits in most classes of business.”

Bertagna also believes we’re likely to see a trend towards the localisation of risk in 2015. “We’ll see less premium flowing to London from emerging markets. That will lead to reduced premium to London market insurers on the one hand, while potentially exposing local market insurers to greater volatility on the other.”

The report urges companies to prioritise behavioural risk over ‘tick box compliance’ in order to tackle the ethical uncertainties present in today’s complex delivery networks.

Peter Neville Lewis – one of the report’s authors and an IRM member – explained: “Ticking boxes is easy – and dangerous. Boxes were ticked at Rana Plaza, in Rotherham and at BP. Developing a sophisticated understanding of ‘personal risk management’ may be a somewhat harder task but, as companies as diverse as John Lewis and Tata Industries have shown, it does help to create the ethical behaviour that controls risk across an organisation however big or complex the operation may be.”

Back in August, a Chartered Institute of Purchasing and Supply survey of UK businesses revealed that nearly 75% of supply chain professionals admitted to having ‘zero visibility’ of the first stages of their supply chain. Shockingly, 11% acknowledged it was ‘likely’ that slave labour was used at some point in the process.

Human cost of wilful blindness

The IRM’s technical director Carolyn Williams – who authored the new report – pointed out: “This is the human cost of wilful blindness in extended enterprise risk. It’s time businesses stopped expressing remorse and started tackling the behavioural uncertainties at every stage of their operations.”

Shareholders have a direct interest in whether a company takes a tick box or behavioural approach to organisation-wide risk management. A 2013 report published by the World Economic Forum highlighted the fact that significant supply chain disruption cuts the share price of affected companies by an average of 7%.

The IRM report entitled ‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ finds that businesses which respond to supply chain scandals with additional rules and regulations leave workers even more vulnerable.

‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ marks the transition from risk management of a single organisation to a coherent programme which meets the global and interdependent challenges of today’s joint endeavours.

Made up of IRM practitioners together with academic experts, the report’s project group has skilfully developed models, tools and techniques to help risk practitioners understand and manage risk across extended enterprises.

“Today’s extended enterprise environments achieve amazing outcomes but also display many of the characteristics of complex systems, with all of the potential for volatility and uncertainty that implies,” continued Williams. “By modelling the extended enterprise in practice, we provide risk practitioners with the tools such that they can begin to understand organisational exposure to extended enterprise risks – wherever in the chain they may be.”

Williams went on to comment: “By their very nature, complex systems cannot be managed or controlled. However, they can be influenced so, in terms of the future risk manager, this will demand new skills around leadership and when it comes to the understanding of culture, ethics and behaviour.”

Methodologies and tactics for addressing risk

The report offers recent multi-agency examples to demonstrate why there should be concern around extended enterprises. These include the scandal in the UK when horsemeat appeared in some beef supply chains, the management by some banks of their outsourced IT providers, failures in care homes and child protection in the UK and the tangle of responsibilities that became evident following the Macondo well disaster in the Gulf of Mexico.

As well as supporting organisational performance, the IRM report claims that a better understanding of risk across the extended enterprise is also vital in tackling wider problems such as slavery, abuse, environmental damage and dangerous working conditions. The report argues that wilful blindness by organisations to these issues within their broader networks is unacceptable.

Put simply, companies must now ask themselves whether any claims that they make about their values hold true across their extended enterprise.

Richard Hibbert – CEO of cloud-based Governance, Risk and Compliance (GRC) solutions provider SureCloud (who sponsored the report) – stated: “This is a thought-provoking study which highlights the risks posed by relationships across extensive networks of suppliers, partners and associates. It also offers methodologies and tactics for addressing risks and harnessing the benefits.”

*The new report was officially launched at a conference held at Cass Business School in London on Thursday 9 October.

After two days of intense hands-on training and development, a new potential generation of UK cyber security defenders (including members of the public and military personnel) have been tested to see if they have what it takes to protect their country from online attacks.

Held at the Defence Academy in Shrivenham, the Cyber Security Challenge UK’s new cyber camp was delivered by a number of the UK’s most prestigious cyber defence companies to help attendees gain foundation skills and confidence to take their first steps into the cyber security profession.

The assessment on Friday 29 August was devised by cyber security operatives from GCHQ and witnessed brave candidates assemble a cyber team battling to overcome the threat of a cyber terrorist group, the Flag Day Associates, who have been staging a number of attacks in the UK over recent months.

The latest incident was reported by the central security team at Parliament Square, a large central London meeting and conferencing space known to host classified gatherings characterised by high secrecy and sensitivity. The team confirmed that the web-based application that controls their intelligent building management software had been targeted and successfully compromised.

The cyber students in action

Under the guidance of mentors from GCHQ and other industry experts, as well as previous Challenge candidates, the cyber camp recruits were assessed on their ability to run penetration testing as part of a full security assessment of the web application in order to identify the vulnerabilities that may have been exploited by the attackers.

To prepare them for this test, the cyber camp recruits were taken through two days of training administered by some of the country’s leading cyber security experts.

Content details of the cyber camp

The cyber camp programme was put together by the Challenge with the support of C3IA Solutions (who provide information risk management training and cyber security services for the MoD, the Government and industry) and included:

• Defence, aerospace and security expert QinetiQ introducing cyber camp attendees to the principles of risk assessment and management
• Forensic technology teams at PricewaterhouseCoopers running lessons on digital forensic analysis
• Introductions to business continuity management and security architecture provided by worldwide information security training and education company Infosec Skills (two further modules were completed online ahead of the cyber camp)
• Web application security testing instruction courtesy of cyber security services and solutions specialist IRM
• A module on vulnerability research from Raytheon, the technology and innovation leader specialising in defence and national security
• An interactive session on legal and ethical practice within cyber security delivered by the National Crime Agency

The final stage of the cyber camp witnessed candidates sitting their first professional qualification – the Certificate in Information Assurance Awareness (CIAA) – free of charge. This came courtesy of InfoSec Skills and its examination provider, the Global Certification Institute (GCI).

Cyber camp attendees who performed particularly well were granted places on the new CESG-accredited Cyber Scheme Team Member course.

Growing skills gap in cyber security

The Cyber Security Challenge UK began in 2010 as three competitions run by a small group of supporters from industry, Government and academia designed to address the growing skills gap in the UK cyber security profession.

Now in its fifth year, the Challenge has grown its range of competitions to better represent the variety of skills currently demanded within the profession and is backed by over 75 sponsors from across UK Government (including through its National Cyber Security Programme) as well as major names from industry and academia.

Challenging cyber attackers in among the tanks at Shrivenham

The cyber camps are a more recent addition to the Challenge competition programme. They sit alongside a variety of exciting virtual competitions and provide a first opportunity for candidates to begin crafting their skills.

Stephanie Daman, CEO of the Cyber Security Challenge UK, commented: “Last year’s inaugural cyber camps showed the demand from amateurs to be given the opportunity to break into this field. The camps afford everyday civilians the chance to see what it’s really like to work as a professional in this sector, and what’s involved in defending the UK from ever-growing cyber attacks.”

Daman added: “Talented individuals learn from the best in the industry and, by dint of receiving a qualification for their efforts, they’re provided with a genuine career-enhancing experience. This sector needs more people with talent and skills and all of those involved in this cyber camp will have enjoyed a truly unforgettable experience.”

Kevin Williams, head of partnerships at the National Crime Agency’s National Cyber Crime Unit, stated: “We are proud to be part of this year’s cyber security camp and help to inspire the next generation of specialists to think about a career in cyber security. Our officers tested the skills, technical ability, knowledge and understanding of the candidates to see whether they have what it takes to defend the UK and its citizens from cyber-related attacks. We look forward to continuing our support for the Cyber Security Challenge UK over the coming months.”

Virtual competitions and foundation modules

Terry Neal, CEO at InfoSec Skills, explained: “We’re delighted to support the Challenge through our virtual competitions and foundation modules in IA Governance and IA Architecture delivered during the cyber camp. We hope to inspire the next generation of cyber specialists and help to get them started on their career paths in Information Assurance.”

Charles White, CEO of IRM, said: “Watching the cyber camp recruits learn and compete while surrounded by the physical history of the British Armed Forces illustrates the extent to which the Internet has transformed our lives and how, as a society, we must respond to that change. Where once we had tanks and large armies to defend our nation, we now have skilled and tenacious individuals who thrive on a technical challenge – the UK’s Armed Forces for a Digital Age, if you like.”

On an equally serious note, White also commented: “At this time there is a severe deficit of qualified individuals who are capable of assessing and improving our cyber security defences. If our citizens, Government and businesses want to stay safe in cyber space while also continuing to reap the economic and social benefits it brings then more effort has to be invested in nurturing cyber security talent.”